Class: ActionDispatch::Cookies
- Defined in:
- actionpack/lib/action_dispatch/middleware/cookies.rb
Overview
Cookies are read and written through ActionController#cookies.
The cookies being read are the ones received along with the request, the cookies being written will be sent out with the response. Reading a cookie does not get the cookie object itself back, just the value it holds.
Examples for writing:
# Sets a simple session cookie.
# This cookie will be deleted when the user's browser is closed.
[:user_name] = "david"
# Assign an array of values to a cookie.
[:lat_lon] = [47.68, -122.37]
# Sets a cookie that expires in 1 hour.
[:login] = { :value => "XJ-122", :expires => 1.hour.from_now }
# Sets a signed cookie, which prevents a user from tampering with its value.
# The cookie is signed by your app's <tt>config.secret_token</tt> value.
# Rails generates this value by default when you create a new Rails app.
.signed[:user_id] = current_user.id
# Sets a "permanent" cookie (which expires in 20 years from now).
.permanent[:login] = "XJ-122"
# You can also chain these methods:
.permanent.signed[:login] = "XJ-122"
Examples for reading:
[:user_name] # => "david"
.size # => 2
[:lat_lon] # => [47.68, -122.37]
Example for deleting:
.delete :user_name
Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
[:key] = {
:value => 'a yummy cookie',
:expires => 1.year.from_now,
:domain => 'domain.com'
}
.delete(:key, :domain => 'domain.com')
The option symbols for setting cookies are:
-
:value
- The cookie’s value or list of values (as an array). -
:path
- The path for which this cookie applies. Defaults to the root of the application. -
:domain
- The domain for which this cookie applies so you can restrict to the domain level. If you use a schema like www.example.com and want to share session with user.example.com set:domain
to:all
. Make sure to specify the:domain
option with:all
again when deleting keys.:domain => nil # Does not sets cookie domain. (default) :domain => :all # Allow the cookie for the top most level domain and subdomains.
-
:expires
- The time at which this cookie expires, as a Time object. -
:secure
- Whether this cookie is a only transmitted to HTTPS servers. Default isfalse
. -
:httponly
- Whether this cookie is accessible via scripting or only HTTP. Defaults tofalse
.
Defined Under Namespace
Classes: CookieJar, CookieOverflow, PermanentCookieJar, SignedCookieJar
Constant Summary collapse
- HTTP_HEADER =
"Set-Cookie".freeze
- TOKEN_KEY =
"action_dispatch.secret_token".freeze
Instance Method Summary collapse
- #call(env) ⇒ Object
-
#initialize(app) ⇒ Cookies
constructor
A new instance of Cookies.
Constructor Details
Instance Method Details
#call(env) ⇒ Object
329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 |
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 329 def call(env) = nil status, headers, body = @app.call(env) if = env['action_dispatch.cookies'] .write(headers) if headers[HTTP_HEADER].respond_to?(:join) headers[HTTP_HEADER] = headers[HTTP_HEADER].join("\n") end end [status, headers, body] ensure = ActionDispatch::Request.new(env). unless .close! end |